[glib-networking/glib-2-66] gnutls: fix threadsafety in g_tls_database_gnutls_verify_chain



commit b31b9f9d4b9a24bc4a290974da249fe94b1def75
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Apr 1 13:52:36 2021 -0500

    gnutls: fix threadsafety in g_tls_database_gnutls_verify_chain
    
    All priv members need to be locked, including priv->trust_list. Although
    it is read-only once it is initialized, it is apparently still not safe
    to share across threads.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1937513

 tls/gnutls/gtlsdatabase-gnutls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
---
diff --git a/tls/gnutls/gtlsdatabase-gnutls.c b/tls/gnutls/gtlsdatabase-gnutls.c
index 3825a35..3e8ca3e 100644
--- a/tls/gnutls/gtlsdatabase-gnutls.c
+++ b/tls/gnutls/gtlsdatabase-gnutls.c
@@ -43,7 +43,7 @@ typedef struct
    */
   GMutex mutex;
 
-  /* read-only after construct */
+  /* Read-only after construct, but still has to be protected by the mutex. */
   gnutls_x509_trust_list_t trust_list;
 
   /*
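Review bot: The new comment on `trust_list` states the locking requirement but not the reason, so a later reader could see "read-only" and drop the lock as unnecessary. I would record what is known and point at the report, e.g. `/* Read-only after construct, but concurrent use from several threads was found to be unsafe, so access is serialized by the mutex; see https://bugzilla.redhat.com/show_bug.cgi?id=1937513 */`. The struct definition starts and ends outside the hunk.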
@@ -496,10 +496,12 @@ g_tls_database_gnutls_verify_chain (GTlsDatabase             *database,
   if (g_cancellable_set_error_if_cancelled (cancellable, error))
     return G_TLS_CERTIFICATE_GENERIC_ERROR;
 
+  g_mutex_lock (&priv->mutex);
   gnutls_chain = convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain));
   gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list,
                                             gnutls_chain->chain, gnutls_chain->length,
                                             0, &gnutls_result, NULL);
+  g_mutex_unlock (&priv->mutex);
 
   if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
     {
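Review bot: The critical section opened by `g_mutex_lock (&priv->mutex);` also covers `convert_certificate_chain_to_gnutls (...)`, which on the visible line takes only `chain` and does not appear to touch `priv`. Every verification against this database now serializes on the one mutex, so I would take the lock immediately before `gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list, ...)` and leave the unlock where it is. Any other reader of `priv->trust_list` elsewhere in the file would need the same lock for the new field comment to hold, but that is not visible here. The function body starts and ends outside the hunk.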

